Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

[News] Like IE7, Vista Will be Released Insecure

Skip to first unread message

Roy Schestowitz

Oct 22, 2006, 5:26:13 PM10/22/06
Vista remains insecure, argues Bill Pill creator

,----[ Quote ]
| At first glance it should be good news, after all it would appear
| that Microsoft has plugged a hole that left the claims of Vista
| being highly secure shot to pieces. Nonetheless, the security
| researcher who demonstrated the original Blue Pill exploit at
| both SyScan 06 in Singapore and the Black Hat briefings in Las
| Vegas earlier in the year, Joanna Rutkowska, has hit back with a
| warning that the methodology used by Microsoft to block her
| pagefile exploit is itself fundamentally flawed and insecure.

Should I append some links? I think I might. A few weeks from now, Apple and
Linux users will be able to say that Windows users were warned. Stay pwned
with XP or upgrade to an even riskier and more flaky platform (prematurely
called RC, new code, no SP to mend/assure maturity).

Vista PatchGuard Hacked

,----[ Quote ]
| "Hackers have already broken PatchGuard and can disable it. This
| means that hackers can already get malicious code into the Windows
| Vista kernel; while legitimate security vendors can no longer protect
| it. This presents a serious new risk for consumers and enterprises
| worldwide," stated Oliver Friedrichs director of emerging
| technologies in Symantec Security Respons.

Windows kernel protection expected to break soon

,----[ Quote ]
| PatchGuard, a Microsoft technology to protect key parts of Windows,
| will be hacked sooner rather than later, a security expert said Thursday.

Black Hat Takes Vista to Task

,----[ Quote ]
| She demonstrated two potential attack vectors. One could allow unsigned
| code to be loaded into the Vista kernel. The second vector involved
| taking advantage of AMD's Pacific Hardware Virtualization to inject a
| new form of super malware that Rutkowska claimed to be undetectable.

Windows Vista: It's More Secure, We Promise

,----[ Quote ]
| Well, allow me to take a moment to remind everyone of something that
| you might not remember - XP was also touted as being ultra secure.
| Seriously, can anyone honestly look themselves in the mirror and say
| this is the gospel truth? You have got to be kidding me. Similar to
| XP, Microsoft promises to have the most secure Windows version to date
| yet again.

Perspective: Why Microsoft is wrong on Vista security

,----[ Quote ]
| The net-net is that the user is demonstrably less safe as compared to
| during the XP days, when security vendors could use their advanced
| behavioral features.

IE 7 bugs abound

,----[ Quote ]
| "But browser testers may already be at risk, according to security
| researcher Tom Ferris. Late Tuesday, Ferris released details of a potential
| security flaw in IE 7. An attacker could exploit the flaw by crafting a
| special Web page that could be used to crash the browser or gain complete
| control of a vulnerable system, Ferris said in an advisory on his Web site.
| Microsoft had no immediate comment on Ferris' alert."

Symantec highlights Windows Vista user vulnerabilities

,----[ Quote ]
| Symantec has shed more light on potential vulnerabilities in Windows
| Vista that could circumvent new security measures and leave users
| vulnerable to attack.

Symantec continues Vista bug hunt

,----[ Quote ]
| After poking around the Windows Vista networking stack, Symantec
| researchers have tried out privilege-escalation attacks on an early
| version of the Windows XP successor.
| "We discovered a number of implementation flaws that continued to allow
| a full machine compromise to occur," Matthew Conover, principal
| security researcher at Symantec, wrote in the report titled "Attacks
| against Windows Vista's Security Model." The report was made available
| to Symantec customers last week and is scheduled for public release
| sometime before Vista ships, a Symantec representative said Monday.

Six reasons you'll hate networking in Windows Vista

,----[ Quote ]
| Author finds some details 'maddening,' 'brain dead' and 'laughably
| rudimentary.'

Symantec Finds Flaws In Vista's Network Stack

,----[ Quote ]
| Researchers with Symantec's advanced threat team poked through
| Vista's new network stack in several recent builds of the
| still-under-construction operating system, and found several bugs
| -- some of which have been fixed, including a few in Monday's
| release -- as well as broader evidence that the rewrite of the
| networking code could easily lead to problems.
| [...]
| Among Newsham's and Hoagland's conclusions: "The amount of new
| code present in Windows Vista provides many opportunities for
| new defects."
| "It's true that some of the things we found were 'low-hanging
| fruit,' and that some are getting fixed in later builds,"
| said Friedrichs. "But that begs the question of what else
| is in there?"

Symantec Says Windows Vista Will be Less Secure than XP

,----[ Snippet ]
| Symantec said earlier last week that there were no viruses for Apple's
| OS X.

Symantec sees an Achilles' heel in Vista

,----[ Quote ]
| Some of Microsoft's efforts to make Windows Vista its most stable and
| secure operating system ever could cause instability and new security
| flaws, according to a Symantec report.
| [...]
| "Microsoft has removed a large body of tried and tested code and
| replaced it with freshly written code, complete with new corner cases
| and defects," the researchers wrote in the report, scheduled for
| publication Tuesday.

McAfee: Microsoft completely unrealistic on Vista

,----[ Quote ]
| Windows Vista does not ship with antivirus software installed and active,
| but for the first time Microsoft will be promoting their own antivirus
| service in Windows OneCare. Alex Eckelberry, CEO of Sunbelt Software,
| has already called Microsoft's plans predatory based on pricing. McAfee
| is focusing its critique on operating system design, arguing instead that
| Microsoft's decisions with Vista will simply make the operating system
| less secure.
| In the advertisement, McAfee CEO George Samunek is quoted as saying,
| "Microsoft is being completely unrealistic if, by locking security
| companies out of the kernel, it thinks hackers won't crack Vista's kernel.
| In fact, they already have." The advert continues: "With its upcoming
| Vista operating system, Microsoft is embracing the flawed logic that
| computers will be more secure if it stops co-operating with the
| independent security firms."

Cisco exec: Windows Vista is scary

,----[ Quote ]
| "Parts of Vista scare me," Gleichauf said at the Gartner Security Summit
| here on Monday. "Anything with that level of systems complexity will have
| new threats, as well as bringing new solutions. It's always a struggle
| in security, trying to build for what you don't know."

,----[ Quote ]
| "Up to 60% of the code in the new consumer version of Microsoft new Vista
| operating system is set to be rewritten as the Company 'scrambles' to fix
| internal problems a Microsoft insider has confirmed to SHN... Microsoft has
| also admitted that it has major problems in it's Windows division and has
| has immediately initiated a total restructure of the division..."

Roy Culley

Oct 22, 2006, 5:51:32 PM10/22/06
begin risky.vbs

Roy Schestowitz <> writes:
> Vista remains insecure, argues Bill Pill creator

This goes without saying. MS have great trouble just patching their SW
against known exploits. Making their SW secure is beyond anyone far
less MS themselves.

What makes me laugh is anyone using MS SW for filesystem encryption.
Russian roulette comes to mind.

Security is one of those funny things. You can talk about being "more"
secure, but there's no such thing. A vulnerability is a vulnerability, and
even one makes you just as insecure as anyone else. Security is a binary
condition, either you are or you aren't. - Funkenbusch 1 Oct 2006

0 new messages